Risk assessment determines threats to critical resources and the corresponding loss expectancy.Bayesian network is used to model potential attack paths in a system. Knowledge of attackers and attack mechanisms are used to fetch the subset of attack paths. Security risk assessment and mitigation are two vital processes. Models such as attack graphs and attack trees are used to assess the cause-c...

   Background: Developmental dysplasia of hip (DDH) is a common childhood disorder, and ultrasonography examination is routinely used for screening purposes. In this study, we aimed to evaluate a modified combined static and dynamic  ultrasound technique for the detection of DDH and to compare with the results of static and dynamic ultrasound techniques.    Methods:In this cross-sectional study...

LJGS is a lightweight Java core calculus with a gradual security type system. The calculus guarantees secure information flow for sequential, class-based, typed object-oriented programming with mutable objects and virtual method calls. An LJGS program is composed of fragments that are checked either statically or dynamically. Statically checked fragments adhere to a security type system so that...

In this paper we discuss the problem of modeling security properties, including what we call the dual modeling problem, and ranking of potential vulnerabilities. The discussion is based on the results of a brief survey of eight existing static analysis tools and our own experience. We propose dependence graphs decorated with type and range information as a generic way of modeling security prope...

This paper deals with network security assessment. We discuss currently available network security assessment tools and provide a categorization of their limitations. We revisit the methodology that the tools are based on, the flaw-hypothesis testing methodology. We then discuss the application of the methodology to network security assessment and discuss what is necessary to augment current ne...

Confidentiality is maybe the most popular security property to be formally or informally verified. Noninterference is a baseline security policy to formalize confidentiality of secret information manipulated by a program. Many static analyses have been developed for the verification of noninterference. In contrast to those static analyses, this paper considers the run-time verification of the r...

Multiple software products often exist on the same server and therefore vulnerability in one product might compromise the entire system. It is imperative to perform a security risk assessment during the selection of the candidate software products that become part of a larger system. Having a quantitative security risk assessment model provides an objective criterion for such assessment and com...

In this paper, we propose the necessary steps in implementing strong WLAN security for companies using our visual security assessment framework for wireless information assurance. Through real case studies on the organisations with various security measures and by showing complete execution paths of our framework, we suggest the importance of continual assessment of the WLAN for strong corporat...